XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Tianjie Cao,Yong Zhang

2009-01-01

Journal of Computational Information Systems

Abstract:Lee, Kim and Yoo proposed an efficient remote user authentication scheme based smart cards. The Lee-Kim-Yoo scheme uses random nonces to resist replay attack and allows users to choose and change their passwords freely. Moreover, the Lee-Kim-Yoo scheme is very efficient in computation. However, this paper shows that the Lee-Kim-Yoo scheme is vulnerable to a parallel session attack and a denial-of-service attack. We also propose an improved protocol on the Lee-Kim-Yoo scheme to solve these problems. Copyright © 2009 Binary Information Press.

Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Xiancun Zhou,Yan Xiong,Fuyou Miao,Mingxi Li

DOI: https://doi.org/10.1109/ccieng.2011.6008052

2011-01-01

Abstract:As an essential part of security needs of wireless sensor networks, user authentication is used to make sure only the legal user can access the data from the sensor/gateway node. Recently, several dynamic user authentication schemes for wireless sensor networks were proposed. It can be seen that these schemes have weaknesses because of using timestamps. Implement of strict and safe time synchronization is very difficult and increases network overhead. We propose a new dynamic user authentication based on nonces instead of timestamps. In the scheme, mutual authentication is performed using a challenge-response handshake between user and gateway node in both directions, and it avoids the problem of synchronism between smart card and the gateway node. Analysis shows its robustness to various attacks and requires much less computation. What's more, the scheme provides key agreement between user and gateway node.

Xiancun Zhou,Yan Xiong

DOI: https://doi.org/10.1007/978-3-642-25255-6_34

2011-01-01

Abstract:As wireless sensor networks(WSNs) are susceptible to attacks and sensor nodes have limited resources, it is necessary to design a secure and lightweight user authentication protocol for WSNs. Over the past few years, a few user authentication schemes for WSNs were proposed, in which the concept of timestamps were employed without exception. Analysis shows that it brings new security flaws. An efficient and lightweight user authentication scheme for WSNs is proposed in this paper. In proposed scheme, we employ one-way hash function with a secret key. With the help of smart card, mutual authentication is performed using a challenge-response handshake between user and gateway node in both directions, and it avoids the problem of time synchronization between smart card and the gateway node. An analysis of the scheme is presented and it shows its resilience against classical types of attacks, and it adds less computational overhead than other schemes.

L Fan,CX Xu,JH Li

IF: 1.019

2004-01-01

Chinese Journal of Electronics

Abstract:A lots of remote password authentication schemes have been proposed in recent years. However, these schemes are not designed for multi-server architecture environments. In this paper, we present a remote password authentication scheme for multi-server environments based on one-way hash function. In this scheme, any user can freely choose his password. There is no limitation of the number of the users, and the system doesn't need to keep the passwords for the users. According to the analysis, intruders cannot obtain any secret information from the public information or transmitted messages of a user. In addition, this scheme can withstand the replay attack. The computation cost of this scheme is very low.

Ding WANG,Ping WANG,Zeng-peng LI,Chun-guang MA

2015-01-01

Systems Engineering - Theory & Practice

Abstract:With identity authentication becoming an essential mechanism to ensure robust system security in information systems,RSA-based authentication protocols have been studied intensively for their great practicality.This paper points out that a recent RSA-based remote user two-factor authentication protocol proposed by Xie et al.cannot achieve the claimed security and reports its following flaws:(1) It is vulnerable to replay attack and key compromise impersonation attack;(2) It suffers from the problem of user privacy violation and poor repairability.As our main contribution,an improved scheme is put forward and formally proved secure under the RSA assumption in the random oracle model.As compared with other related schemes,our scheme is the first one that can achieve provable security while keeping the merit of high performance.Consequently,our scheme is more well-suited for mobile application scenarios where resource is severely constrained and security is particularly concerned.

Hui-Feng Huang,Su-E Liu,Hui-Fang Chen

DOI: https://doi.org/10.1109/ispa.2010.33

2013-01-01

Abstract:To the best of our knowledge, all most previously proposed schemes based on smart cards which have the tamper resistance assumption for the smart card. However, many researches have shown that the secrets stored in a smart card can be breaches by analyzing the leaked information or monitoring the power consumption. This article will propose a new mutual authentication scheme based on nonce and smart cards. In the proposed scheme, the assumption of tamper resistance for smart cards is not essential. The computation cost, security, and efficiency of the proposed method are well suitable for the practical applications environment.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Zahid Mehmood,Gongliang Chen,Jianhua Li,Aiiad Albeshri

DOI: https://doi.org/10.3837/tiis.2017.03.027

2017-01-01

Abstract:Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.' s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.' s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.' s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.' s protocol, the proposed scheme is lightweight with improved security.

Yi Chen,Hong Wen,Huanhuan Song,Songlin Chen,Feiyi Xie,Qing Yang,Lin Hu

DOI: https://doi.org/10.1049/iet-com.2018.0023

IF: 1.345

2018-01-01

IET Communications

Abstract:The energy-constrained devices such as the mobile terminals and nodes of the Internet of Things make lightweight security schemes an urgent need. The traditional identity authentication techniques can provide protection for the user's privacy and information to a certain extent, but they suffer from heavy cost. Non-cryptographic authentication mechanisms based on the physical layer characteristics are new techniques, which have a higher security level. The recognition technique of radio transmitter based on radio-frequency fingerprint (RFF) is one of the non-cryptographic authentication techniques. The authors propose a lightweight one-time password (OTP) authentication scheme based on RFF (RFF-OTP), which is a novel cross-layer secure authentication scheme and can provide mutual authentication between the mobile terminal and server, by combining RFF recognition algorithm with a hash encryption algorithm. By theoretical analysis and Syverson and van Oorschot logic verification, they prove that the RFF-OTP scheme is simple, efficient, flexible and independent of trusted-party while it also can resist the cloning attack and satisfy the anonymity compared with the OTP authentication scheme. Besides, it only requires the password to log into the system in the authors' scheme in comparison to the OTP scheme that needs both ID and password for the same purpose.

Zhuo Hao,Nenghai Yu

DOI: https://doi.org/10.1109/ISDPE.2010.15

2010-01-01

Abstract:Remote user authentication is a critical component of accessing remote services in distributed applications. In this paper we investigate the security vulnerabilities of a previously proposed remote user authentication scheme. After that we propose a security enhanced remote user password authentication scheme, which effectively prevents the adversary's attacks. The proposed authentication scheme is shown to be secure against password guessing attack, masquerade attack and replay attack. By performance analysis, the proposed scheme is shown to be very efficient, both in the computation and the storage cost. The proposed password authentication scheme is very suitable for providing remote authentication in distributed applications.

Xiong Li,Jianwei Niu,Muhammad Khurram Khan,Junguo Liao

DOI: https://doi.org/10.1016/j.jnca.2013.02.034

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Smart card based password authentication is one of the simplest and efficient authentication mechanisms to ensure secure communication in insecure network environments. Recently, Chen et al. have pointed out the weaknesses of some password authentication schemes and proposed a robust smart card based remote user password authentication scheme to improve the security. As per their claims, their scheme is efficient and can ensure forward secrecy of the session key. However, we find that Chen et al.'s scheme cannot really ensure forward secrecy, and it cannot detect the wrong password in login phase. Besides, the password change phase of Chen et al.'s scheme is unfriendly and inefficient since the user has to communicate with the server to update his/her password. In this paper, we propose a modified smart card based remote user password authentication scheme to overcome the aforementioned weaknesses. The analysis shows that our proposed scheme is user friendly and more secure than other related schemes.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

Manik Lal Das,Ashutosh Saxena,Ved P. Gulati

DOI: https://doi.org/10.1109/TCE.2004.1309441

2007-12-14

Abstract:Password-based authentication schemes are the most widely used techniques for remote user authentication. Many static ID-based remote user authentication schemes both with and without smart cards have been proposed. Most of the schemes do not allow the users to choose and change their passwords, and maintain a verifier table to verify the validity of the user login. In this paper we present a dynamic ID-based remote user authentication scheme using smart cards. Our scheme allows the users to choose and change their passwords freely, and do not maintain any verifier table. The scheme is secure against ID-theft, and can resist the reply attacks, forgery attacks, guessing attacks, insider attacks and stolen verifier attacks.

Cryptography and Security

Xiong Li,Jianwei Niu,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1002/dac.2676

2015-01-01

Abstract:AbstractIn the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity-based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.